Explanation about objects in ODI security manager

Similar Messages

• Deletion Key - Deleting Hosts on ODI Security Manager

  Hi,
  im heaving some trouble using ODI Security Manager. To delete manually inserted Hosts, is required a "Deletion Key" (after a generation of a unblock file with the connection info).
  Problem: how (or where) do i get (or generate) this Deletion Key???
  some guides say to look for oracle technical support. Where i can find this technical support (link, fone, fax, e-mail)??
  this means that everytime i need a deletion key, i have to send it to oracle??
  i need to understand how this process works.
  thanks for the help.

  Well,
  If there a possibility to add new hosts, there must be a way to delete them.
  In fact this should be a simple thing to do.
  how this simple task become such a complex process?!
  but the main reason, is that i'm in project where the client has a lot of demands, and i need to be prepared to any requests. (especially a simple task like this)
  thanks for the attention.

• Import Network host objects to Cisco Security Manager

  Is it possible to import complete lists of Network Hosts objects to Cisco Security Manager?
  Exporting the hosts already defined in the ASAs is easy but how to import them in CSM??
  Thanks

  No hostnames discovered go the Policy Object Manager (nor to the Access rules), only group-names (there's a bug in ASAs related to single host names too). The way CSM handles single hosts is previously creating them, so when we later discover devices, the single hosts names set in the discovered device are not considered, only their IP addresses; then you can see that in the discovered access rules CSM shows the hostname as the previously defined ones in the Policy Object Manager. If you dont define those hostnames before the device discovery, you will only see IP addresses, no hostnames, no matter they are set in your firewalls.
  Imagine discovering a couple FWSM modules with 500 access rules, and you only get to see the IP addresses of the 2,500 hosts on your network. And you have all those hosts already defined in your FWSM firewalls, when you log via ASDM you view your hard created rules with hostnames, and when you log to CSM you only view IP addresses. The clients get very disappointed with CSM after that, and discard it. The bigger the network, the faster they reject CSM.
  The only way to add hosts in the Policy Object Manager is 1 by 1. But as this may have happened to more than one company and considering how easy it is to code a feature like that, I assume that it's possible to import a complete list of single hosts to CSM.
  is that really possible? it should be.
  thanks for the replies so far

• Needed urgent help for user creation in security manager in ODI 11g

  Hi Gurus,
  I have an urgent requirement in ODI security manager and i am completely helpless. We need specific steps for the user creation with sufficient priviledges. The detailed requirements are:
  1. There is a group of users under the framework team and these users should be able to edit the Knowledge modules only. All other objects (e.g. projects, interface, procedures or development related objects) should only be in read only mode for them.
  2. There is a group of users under the development team. The priviledges of these users should be mutually exclusive to that of the framework team users. i.e. the development team should be able to edit or delete all development related objects (e.g. projects, interface, proc etc.) but the knowledge modules should only be in read only mode for them.
  Now I will explain what i have tried out:
  I am working on ODI 11.1.1.5.
  I have created a user with NG DESIGNER and CONNECT profile. Dragged and dropped all the projects on the user and selected all methods in all repositories (check sign). However when i connect with that user i cannot open the KMs (as far as development team is concerned its fine) but i can also not open interfaces as well as procedures (which is not acceptable from development point of view).
  Also when i tried creating a user from the framework team point of view i could not see any option related to KMs (To give edit priviledge).
  Please help me out guys. I have also searched oracle documentation and believe me the security manager section is not very good. If you guys can help me out with specific steps it would be great (I have tried the hints given in oracle documentation and they dont work, the ODI security manager behaves strangely :-(
  Thanks in advance,
  SB

  Similar requirement here guys. Any pointers. I was able to achieve this by restricting development user from supervisor access. In that case the development user can not edit the interfaces. Any known defefct?

• Access to IPortalComponentRequest in custom security manager

  Hi All,
  I am implementing a custom security manager. For my requirements, I need IPortalComponentRequest object in the security manager class. Can anyone give me a clue to get the request object in security manager implementation.
  Regards,
  Yoga

  Hi Romano,
  I tried this. Its returning mysapsso2 cookie and authentication_schema cookie. But not retuning any custom cookies added to the response from any other application.
  What I have tried to achieve is:
  1. When a user login and authentication suceeds, I will add a custom cookie to the response.
  2. Get the custom cookie added in the security manager class and do manipulations to check whether the user is authenticated.
  Using the method you have suggested, I was not able to get any custom cookies added in other applications.
  I tried the code using resource context(resource context obtained form IUser) as suggested in other threads,
  HttpServletRequest request = (HttpServletRequest) resourceContext.getObjectValue("http://sapportals.com/xmlns/cm/httpservletrequest");
  But this API returns null.
  Any way to achieve?
  Regards
  Yoga

• HP Protecttoo​ls Security Manager

  Hey, is it necessary to remove HP Protecttools Security Manager? Because the computer says that I have to uninstall it to be able to download Windows 8.1

  Hi @imaqsood , 
  To get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial product. You can do this at Commercial Forums.
  Even though this is a Commercial product, I have looked into your issue about your HP ProtectTools Security Manager and not able to uninstall the software. Click Start, then "All Programs." Select "HP Protect Tools Security Manager" from the list of programs.
  Click "Settings." Click the box to the left of the menu. The green check in the box should disappear, which means that the application is disabled as it must be disabled to uninstall it. Close the window and restart the computer.
  Hope this helps you out.
  Thanks.
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos, Thumbs Up" on the bottom to say “Thanks” for helping!

• Business Objects XI R2 SP2 with Tomcat and Security Manager enabled

  XI R2 SP2 Unix server:
  I need to start the tomcat that is embedded in Business Objects with Security Manager enabled. Is there a writeup on how to do that? This changes the port that tomcat runs on, so do I just change all references to the port that it is currently running? Is it that simple?
  Thanks for any advice!

  It sounds like an issue that would need to be troubleshot by an engineer. Can you open  a message with support?
  Cluster members for client tools are defined in the windows registry. Does infoview work?
  Regards,
  Tim

• About security management

  hi all,
  i want to know about security management system.cn any one send me the documentation or any related presentations to the below mail gupta1428(@ gmail)
  if possible plz explain me clearly.......
  please help me to get out this problem
  thanks in advance.....
  thanks,
  gupta.
  Edited by: gupta pullipudi on Apr 10, 2008 4:40 PM

  >
  gupta pullipudi wrote:
  > can u provide me any links for compleate documentation............
  Dear Gupta,
  I guess you're asking for the training manual from the SAP courses ADM940, ADM950, ADM960?
  You'll find the extract of these fine courses in the SAP Help Portal: [http://help.sap.com|http://help.sap.com]
  There you have to click on "SAP Solution" -> "SAP NetWeaver" -> "Overview" -> "System Configuration and Administration" -> "Security Guide".
  As easy as !!!
  Regards,
  Klaus

• Custom Security Manager or Security Event Interception from WebLogic Console

  Hello,
  I have built my own Security Manager and implemented custom preference/property mechanism for every Principal, so when I use my Swing client to create new User and new Group, as well as addMember to a Group, I know what to do with those properies/preferences.
  Now, I want to use WebLogic Console to manage users and groups. I want to intercept events in my Security Manager about new User or Group creation or changing their memberships as Principals in order to handle their Preference/properties stuff myself...
  I wonder what should I "listen" in order to understand that someone has changed membership of Users or Groups or about creation of new User or Group?
  I use Weblogic Server 6.0 sp2
  serge

  Hi Daniel,
  > a custom security manager for the standard CM Repository
  And this dictates you indeed to use the old API, as the CMRepositoryManager itself is using the old API.
  The standard AclSecurityManager is implemented by com.sapportals.wcm.repository.manager.generic.security.AclSecurityManager. If you check out Configuration - Content Management - Repository Managers - Security Manager, you will see "ACL Security Manager" (the one from above) and "ACL Security Manager (for new Manager-API)". This is implementing / using the new API, but needs also a RM using the new API.
  > java.lang.NoSuchMethodException: MySecurityManager.<init>
  This exception only complains about a missing constructor!? Have you implemented a default constructor?!
  > If this is the case, where can I find the API for IUMPrincipal? It is not included in any provided API because of deprecation.
  The methods of the old EP5 user management are more or less similar to the new UME, so using the old deprecated API should be more or less straight forward.
  There are also transformer methods for example to transform a "new" user object to an old EP5 one, see https://forums.sdn.sap.com/thread.jspa?threadID=235656&tstart=0
  Hope it helps
  Detlev

• Demystify ODI Security -- Documentation is very weak on this topic.

  I see 3,000 hits to one thread on ODI Security but I haven't gotten that "Ah-ha!" moment where I now understand ODI security. The SNPS_USERS.PDF (ODI User's Guide) is very light on the security section.
  I'm trying to do something I hope is very simple: Create a new user that can execute the scenarios I choose and only for certain contexts. I've been able to create a new user. I've also been able to apply a profile to the new user. But when I try to grant specific SCENARIOS I get this error:
  *"This user already have generic privilege on this object type. You do not need to set instance privileges."*
  Does anyone have any good examples on how to setup ODI security?
  -Chris Rothermel
  Edited by: Chris Rothermel on Apr 12, 2010 2:40 PM

  Chris,
  I agree that ODI security is poorly documented and seems more like witchcraft.
  Having said that, see this Re: Security
  This may give you insight into how Generic and Non Generic privileges work
  Create a brand new user.
  For your case, do the following:
  1. Create a duplicate of CONNECT profile and name it CONNECT_WITHOUT_CONTEXT.
  2. Expand it and goto Context-> Dbl-click View.
  3. Uncheck the "Generic Privilege" checkbox.
  4. Grant CONNECT_WITHOUT_CONTEXT to the user.
  5. Drag-drop the Contexts that you want the user to access from Topology Manager onto the user.
  Now user will only be able to see the contexts that you explicitly grant him.
  6. Also, for your case use NG Designer instead of regular Designer profile.
  7. The Execute Method in the Scenario object underneath this profile has been unchecked for "Generic Privilege"
  8. Login to Operator and drag-drop the scenarios on the user.
  HTH

• ODI security

  Hi,
  I have implemented a whole project in ODI 11G.
  Now I want to give the security in this ODI.
  Could you please provide me the step by step procedure?
  Thanks,
  Rubi

  Hi Rubi,
  You are trying to explore the least documented feature to ODI ... you need to learn by tryint it out.
  ODI security is implemented by PROFILE given to USER .This is done via Security Manager.
  You can assign 1 or many profile to an user . Then drag/drop the objects into that user.
  During this time it will ask you to give edit/read privilege , choose which evere is required .
  I am not sure if I am able to express in proper way .. but at least you can try it out by your self.
  Thanks,
  Sutirtha

• " plug-in name does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari Security "Manage Website Settings"?

  Hi,
  Wondering why "<plug-in name> does not support the highest level of security for Safari plug-ins" appear for some plugins in Safari > Security > "Manage Website Settings"?
  Have been trying to get to the root cause of the problem but did not find much on this. I am trying to figure out what can get the warning to go away completely than using the Allow/Always Allow options for the plug-in
  Thanks,
  Shyam

  Hi Linc,
  Thank you for your response. Here is the screenshot of the warning that I am talking about.
  Here is what I do:
  1. Launch Safari and open its Preferences. I have Safari 7.1 installed on my machine.
  2. Click Security Tab and click Manage WebSite Settings
  3. A window opens showing me all the Plug-ins that I have (listed on the left hand side).
  4. One of them is the Adobe Reader plug-in. When I click Adobe Reader, the following details about the plug-in show up on the right
  I was referring to the highlighted section that warns me about this plug-in not using the highest level of security for Safari Plug-ins.
  Note: I do not see this for all my plug-ins (QuickTime, Adobe Flash Player don't give me this warning) which tells me that there is a way to make the warning go away.
  Thanks again,
  Shyam

• Using the Security Manager to restrict access to a single package

  After reading up on the Security Manager, the package.access property and the use of the [accessClassInPackage RuntimePermission|http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html#RuntimePermission] , it seemed to me that it would possible to set up the following: I have a security-sensitive code base packaged in a jar, and I want to make sure that only one client code base that I specify is permitted to access it. The idea here is to prevent malicious code from executing anything in the sensitive code base; the sensitive code is only accessible to one client that I name in a security policy file. Perhaps rather foolishly, I advised a client to consider this before testing out a sample myself, because much to my surprise, it appears to me that it isn't possible to get the Security Manager to do this at all. Am I missing something? I'm a bit startled by this conclusion -- it seems like such an obvious use for the Security Manager, I'm hard-pressed to be believe that it can't be done, and more inclined to suspect that I'm going about it wrong.
  Here's what I thought I could do: set up the package.access property so that it denies access to any package; then in the policy file, grant the RuntimePermission/accessClassInPackage to the client code base that is permitted to access the sensitive code.
  Of course, you wouldn't want the package.access property to exclude all packages in the global java.security file, because then no code could be accessed at all. It would be necessary to use the trick of resetting the package.access property within the code, as [illustrated in the secure coding guidelines|http://java.sun.com/security/seccodeguide.html#1-1a] .
  But the problem lies in the idea of "use the package.access property to deny access to +any+ package". There doesn't seem to be any way to use wildcards or the like with the property -- it has to specifically name packages (or package prefixes) to which access is forbidden. It wouldn't do to try to name the packages to which I'm trying to prevent access, since we're trying to prevent access from malicious code -- the attacker could just choose package names that aren't on the list. I'd really need to say that access is denied to all packages, except for those in the permitted code base, but the security mechanisms for package access don't seem to allow that.
  Moreover, the trick of changing the value of package.access can't be done within the client code -- otherwise, the attacker client would just set the property to his own purposes. But it can't really be done within the sensitive package either, because the whole idea is to prevent access to that package, and by the time it's busy setting the property, it's already too late, because the package has to have been accessed by a client to get there at all.
  It seems to me that this a symptom of something I've never really understood about the design of the Security Manager -- you can grant permissions to specific code bases, but you can't revoke permissions from specific code bases, let alone all code bases. What I want to do here is grant access permission to one specific code base and revoke it from all others. There doesn't seem to be any way to express that with the mechanisms of the Security Manager.
  The more I look at it, the more it seems that there's just no way to use the Security Manager this way -- set up package access so that a specific code base can only be accessed by one specific client code base. There are surely other ways to get the effect that I'm looking for, but as far as I can tell, none of them involve restricting package access (for example: define a custom permission, grant it only to the permitted client. and check against that permission within the sensitive code base; meaning that the sensitive code has to be accessible to anyone in the first place). This conclusion really surprises me (not to mention my bit of embarrassment with the client); wouldn't this be precisely the sort of thing the Security Manager ought to be good for?

  You're looking at this back to front. The security policy file is there for the client to decide how much access he is going to give this application, not for to application to restrict who can use it. If you want to control what used to be called 'state orientation' you can do that directly by looking down the stack trace inside your code.

• How to define a flexfiled in security manager

  hi guys ,
  i would like to use getInfo subtitution of ODI.But I could not find out where to define the variable .
  eg: ı wanna get the driver and url addresses from flexfield variable
  '<%=odiRef.getInfo("DEST_JAVA_URL")%>', <%=odiRef.getInfo("SRC_JAVA_DRIVER")%>
  but i don't know how to define the variables DEST_JAVA_URL and SRC_JAVA_DRIVER in security manager.
  pls help

  Hi,
  'mgcp call-agent [ccm1] service-type mgcp version 0.1' command you have the primary server;
  'ccm-manager redundant-host [ccm2] [ccm3]' for primary and secondary backup.
  But you will need to run 'no mgcp','mgcp' for the changes to take effect.
  Regards,
  =====================
  Please rate useful posts

• Need Information About Java Platform Overview For Manager (WJTB-310)

  Hi, My name is Jeffry. I need information about Java Platform Overview For Manager (WJTB-310).
  I need Information about table of contents, how long it takes to study that training (approximately), how many chapters are in that training, minimum Internet connection speed to access that training, and everything you know about WJTB-310.
  Is there a synchronized audio in WJTB-310 ?
  Is there a video streaming in WJTB-310 ?
  Can I receive a certificate for any web-based training ? especially in WJTB-310 ?
  Is there a programming language material in WJTB-310 or just an overview ?
  Sorry for asking to many question
  Thanks
  Jeffry Kristianto Yanuar

  I thought I'd give you a response even if I can't answer your question completely. (I think we ought to start a separate thread entitled "How do you get any replies on this forum???") Here is what I have been forced to do. I introduced some JavaScript on the web page that contains the applet I want to be run. The sole purpose of the JavaScript is to detect which platform the client is on. If it's not MacIntosh, then I have JavaScript write the <object><embed> tag used by the Java plug-in. It it is MachIntosh, then I have JavaScript write the regular <applet> tag and let the Mac browsers do as best they can. With mixed and disappointing results. Netscape 6.2 crashes with a lot of applets. IE 5 brings up the applet okay but certain Swing components aren't displaying properly. The MacIntosh I've been testing on is version 9.1. I'm trying OS X tomorrow.
  Why don't you send a reply to my query under the Java Plug-in Forum--from aronsz, dated 06/11/02--if you have some more info by now. I sure would appreciate it.